Virtual Code Authentication / Security Update

We are committed to protecting employee data. This includes keeping your data safe and reduce security risks, our workforce management solution now offers additional security options that will slightly change the way employees access the application.

Employee access to the system will now require a more complex password, as well as multi-factor authentication. Similar to online banking processes, multi-factor authentication adds an additional level of security by requiring you to enter a randomly generated six-digit code in addition to your user name and password during log-in.

The security combination factors are as follows:

Password=something you Know

Code=Something you Have

Logins that will not require a second factor of identity:

Mobile application

InTouch Time Clocks

Web Clocks*

Single Sign On

Job Applicant Logins

*Multi-Factor Authentication will not be required when using a Web Clock unless the Login feature is used. Once you have setup authentication preferences on a system portal, your new password can be used on the Web Clocks.

New Log-In process required

The new -- more secure -- login process is summarized below.

1. Enhanced Password Standards:

Going forward, your password must contain a minimum of 8 characters and include at least on of the following:

Uppercase Letter

Lowercase Letter

Number

Symbol

Example: Password1$

Note: Passwords have up to 90 days before they expire and need to be changed.

2. Multi-Factor Authentication:

After you enter your username/password click login, if the system does not recognize this computer as one you have used in the past 30 days, the system will require a second form of authentication before you can continue. A code will be emailed, texted, or sent to you via an automated voice call, which you will then enter to access the system.

Next Steps: What do you need to do?

Step #1 Start your login process as usual.

After you successfully enter your username and password, the system will prompt you for a new password (even if your current password already meets the new standard). The password criteria will have to meet the new standards outlined above. (There will be on-screen instructions to walk you through this process.)

Step #2: After changing your password, you will be prompted to configure the Multi-Factor Authentication settings. Up to three methods can be configured for receiving the code, as follows:

You may choose to enter all three or only one of these options.The system will have pre-filled any phone or email that is already listed in your account; however if you want to use another phone/email for the purpose of receiving the code, those fields can be overwritten with new information.

When done, click save. Once this step is completed, you will be logged in to the system. (If you change your email or phone number in this process, it will not replace or update information entered in your employee profile. This is used strictly for code authentication.)

Next time you log in, the system will list the methods you have selected in the setup process, and you will be able to select one of those. The system will generate a random six-digit code and send it to you. After you have entered the code, the system will validate the number and grant access to the application.

Important: If this is your office or home computer that you will use in the future to login, you should check the box to avoid the code requirement on future logins from “this computer.” The verification code on this device will be valid for 30 days.

As a best practice, this option should ONLY be checked on an individual personal computer and should never be checked on a shared computer.

Frequently asked questions

Can you opt out of using Virtual Code Authentication (VCA)?

No, Using VCA is a requirement of the system.

My employees are not receiving the email with VCA code, what do I do?

You can check if the company has an email address under Company Settings > Global Setup > Company Setup > Company Info.

You should also check if emails going to their junk/spam folder? This is very common. You may also have an external junk email blocking service. Verify with your IT group that the emails are not being stopped due to security settings.

Is there a firewall in place that is prohibiting the email from coming through? If so you can whitelist our mail server address - smtp.saashr.com.

My employees are not receiving the text message with the VCA code, what do I do?

Did the employee include their area code when they keyed in the phone number?

Confirm the cell service provider, some carriers are remote and do not allow such messages to flow through.

Will VCA affect me if I am a SSO user?

No, if you are logging into the system via SSO you will not be affected by the new security enhancements as authentication via username, password and other means is the responsibility of the primary system the employee's log into.

All of our administrators are locked out, what should we do?

Submit a ticket to support@beyondpay.com or https://support.beyondpay.com. You will be asked for an email from a company officer that requests we reset their password and/or unlock their username.

Our company policy does not allow users to have access to email or phone. What can we do?

Kiosk mode. This will allow you to bypass needing to enter in a VCA code. Kiosk mode does not need to be set up on each individual computer that will utilize this option. Instructions can be found within the VCA user guide.

Will VCA affect those who are punching in/out on a clock or through the web clock (.clock)?

A VCA code will not be required to strictly punch in/out.

Users will be prompted to change their password and configure how they receive the VCA code only when they attempt to log in.

An employee updated their email address within their profile, but when they attempt to log in they still see the old address. How can we correct this?

A user with security access to clear VCA configuration will need to go onto the employee profile and click the button "Clear VCA Configuration".

My employees have selected to remember the device for 30 days but they are still being prompted for a code each time they log in.

The option to remember the device is both browser and computer specific. If an employee first uses Internet Explorer to log in with a code & chooses to remember the device, but ten uses Chrome to log in the next time, they will be prompted for the code. This is also true for each computer they access the system from.

Also, you can confirm that the user's browser set up to delete cookies when they close out. The code is stored in the user's cookies. If they are regularly clearing/deleting their cookies they will be asked to enter in a new code when they log in.

How long is the code good for?

The code is "live" for 15 minutes from the time it is generated. For emails, if the employee clicks the option to send email multiple times each previous code will be deactivated and only the most recent email/code will work.